Hello everyone,
One of my clients misused the RoundCube Identities feature, adding an unauthorized email ID and spamming. I have resolved it now and thought I would share this common issue, as it might help you enhance security and reduce the risk of phishing or misuse. You can configure RoundCube to restrict users from adding unauthorized email identities. By setting the following configuration option, you can maintain a professional communication standard while allowing users to update their existing information:
Steps to Implement:
1. Locate your RoundCube configuration file, for example:
/var/www/2cbbd324-057b-4631-b307-14ec753c3ccb/public_html/config/config.inc.php
Search for your actual RoundCube configuration path in /var/www/.
2. Add the Configuration Option: Simply insert the following line into your configuration file:
// Allow users to edit existing identities but not add new ones
$config['identities_level'] = 2;
The identities_level setting controls the following:
0: Users can create and edit all identities.
1: Users can create and edit identities but only with their own email address.
2: Users can edit their own identity but cannot create new ones.
3: Users cannot create or edit identities.
3. Log in to RoundCube Webmail: Navigate to Settings -> Identities. You will notice that the option to add new identities is no longer available.
This change ensures that all emails sent from the platform use predefined, authorized email addresses, which significantly reduces the potential for misuse.
Feel free to reach out if you have any questions or need further assistance! Thanks!
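
An added example, not part of the original post: a shell audit that finds every config/config.inc.php under a web root (the layout of the example path in step 1) and reports its effective identities_level, flagging sites where users can still add identities. The function names rc_identities_level and rc_audit are hypothetical, and an unset option is treated as Roundcube's default of 0.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit identities_level
# across Roundcube configs under a web root such as /var/www.

# Print the effective identities_level of one config file.
# Lines commented out with // or # are ignored and the last assignment
# wins, as it would in PHP. Prints "unset" if the option never appears.
# Limitation: assignments inside /* ... */ blocks are not detected.
rc_identities_level() {
    local value
    value=$(sed -E -n "s/^[[:space:]]*\\\$config\[['\"]identities_level['\"]\][[:space:]]*=[[:space:]]*['\"]?([0-9]+)['\"]?[[:space:]]*;.*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${value:-unset}"
}

# Report "<STATUS> <level> <path>" for every config/config.inc.php below
# $1. A site is WEAK when its level is below $2 (default 2, the value the
# post sets) or unset, since Roundcube then falls back to its default of 0.
# Returns 1 if any site is WEAK, 0 otherwise.
rc_audit() {
    local root="$1" min="${2:-2}" report
    report=$(find "$root" -type f -path '*/config/config.inc.php' | sort |
        while IFS= read -r file; do
            level=$(rc_identities_level "$file")
            if [ "$level" = unset ] || [ "$level" -lt "$min" ]; then
                printf 'WEAK %s %s\n' "$level" "$file"
            else
                printf 'OK %s %s\n' "$level" "$file"
            fi
        done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    ! printf '%s\n' "$report" | grep -q '^WEAK '
}

# Run as: ./rc_audit.sh /var/www
if [ "$#" -gt 0 ]; then rc_audit "$@"; fi
```

The non-zero exit status on any WEAK line makes the script usable from cron or a provisioning check. The comments beside identities_level in Roundcube's config/defaults.inc.php describe each level for the version you run.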